package com.google.gerrit.server.account;

import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.api.accounts.AccountInput;
import com.google.gerrit.extensions.common.AccountInfo;
import com.google.gerrit.extensions.registration.DynamicSet;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.Sequences;
import com.google.gerrit.server.account.AccountLoader;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.VersionedAuthorizedKeys;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
import com.google.gerrit.server.api.accounts.AccountExternalIdCreator;
import com.google.gerrit.server.group.GroupsCollection;
import com.google.gerrit.server.group.GroupsUpdate;
import com.google.gerrit.server.group.UserInitiated;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gwtorm.server.OrmDuplicateKeyException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.eclipse.jgit.errors.ConfigInvalidException;

@RequiresCapability(GlobalCapability.CREATE_ACCOUNT)
/* loaded from: input_file:com/google/gerrit/server/account/CreateAccount.class */
public class CreateAccount implements RestModifyView<TopLevelResource, AccountInput> {
    private final ReviewDb db;
    private final Sequences seq;
    private final GroupsCollection groupsCollection;
    private final VersionedAuthorizedKeys.Accessor authorizedKeys;
    private final SshKeyCache sshKeyCache;
    private final AccountsUpdate.User accountsUpdate;
    private final AccountLoader.Factory infoLoader;
    private final DynamicSet<AccountExternalIdCreator> externalIdCreators;
    private final ExternalIds externalIds;
    private final ExternalIdsUpdate.User externalIdsUpdateFactory;
    private final Provider<GroupsUpdate> groupsUpdate;
    private final OutgoingEmailValidator validator;
    private final String username;

    /* loaded from: input_file:com/google/gerrit/server/account/CreateAccount$Factory.class */
    public interface Factory {
        CreateAccount create(String str);
    }

    @Inject
    CreateAccount(ReviewDb reviewDb, Sequences sequences, GroupsCollection groupsCollection, VersionedAuthorizedKeys.Accessor accessor, SshKeyCache sshKeyCache, AccountsUpdate.User user, AccountLoader.Factory factory, DynamicSet<AccountExternalIdCreator> dynamicSet, ExternalIds externalIds, ExternalIdsUpdate.User user2, @UserInitiated Provider<GroupsUpdate> provider, OutgoingEmailValidator outgoingEmailValidator, @Assisted String str) {
        this.db = reviewDb;
        this.seq = sequences;
        this.groupsCollection = groupsCollection;
        this.authorizedKeys = accessor;
        this.sshKeyCache = sshKeyCache;
        this.accountsUpdate = user;
        this.infoLoader = factory;
        this.externalIdCreators = dynamicSet;
        this.externalIds = externalIds;
        this.externalIdsUpdateFactory = user2;
        this.groupsUpdate = provider;
        this.validator = outgoingEmailValidator;
        this.username = str;
    }

    @Override // com.google.gerrit.extensions.restapi.RestModifyView
    public Response<AccountInfo> apply(TopLevelResource topLevelResource, @Nullable AccountInput accountInput) throws BadRequestException, ResourceConflictException, UnprocessableEntityException, OrmException, IOException, ConfigInvalidException {
        return apply(accountInput != null ? accountInput : new AccountInput());
    }

    public Response<AccountInfo> apply(AccountInput accountInput) throws BadRequestException, ResourceConflictException, UnprocessableEntityException, OrmException, IOException, ConfigInvalidException {
        if (accountInput.username != null && !this.username.equals(accountInput.username)) {
            throw new BadRequestException("username must match URL");
        }
        if (!this.username.matches(Account.USER_NAME_PATTERN)) {
            throw new BadRequestException("Username '" + this.username + "' must contain only letters, numbers, _, - or .");
        }
        Set<AccountGroup.UUID> parseGroups = parseGroups(accountInput.groups);
        Account.Id id = new Account.Id(this.seq.nextAccountId());
        ExternalId createUsername = ExternalId.createUsername(this.username, id, accountInput.httpPassword);
        if (this.externalIds.get(createUsername.key()) != null) {
            throw new ResourceConflictException("username '" + this.username + "' already exists");
        }
        if (accountInput.email != null) {
            if (this.externalIds.get(ExternalId.Key.create(ExternalId.SCHEME_MAILTO, accountInput.email)) != null) {
                throw new UnprocessableEntityException("email '" + accountInput.email + "' already exists");
            }
            if (!this.validator.isValid(accountInput.email)) {
                throw new BadRequestException("invalid email address");
            }
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(createUsername);
        Iterator<AccountExternalIdCreator> it = this.externalIdCreators.iterator();
        while (it.hasNext()) {
            arrayList.addAll(it.next().create(id, this.username, accountInput.email));
        }
        ExternalIdsUpdate create = this.externalIdsUpdateFactory.create();
        try {
            create.insert(arrayList);
            if (accountInput.email != null) {
                try {
                    create.insert(ExternalId.createEmail(id, accountInput.email));
                } catch (OrmDuplicateKeyException e) {
                    try {
                        create.delete(createUsername);
                    } catch (IOException | ConfigInvalidException e2) {
                    }
                    throw new UnprocessableEntityException("email '" + accountInput.email + "' already exists");
                }
            }
            this.accountsUpdate.create().insert(id, account -> {
                account.setFullName(accountInput.name);
                account.setPreferredEmail(accountInput.email);
            });
            for (AccountGroup.UUID uuid : parseGroups) {
                try {
                    this.groupsUpdate.get().addGroupMember(this.db, uuid, id);
                } catch (NoSuchGroupException e3) {
                    throw new UnprocessableEntityException(String.format("Group %s not found", uuid));
                }
            }
            if (accountInput.sshKey != null) {
                try {
                    this.authorizedKeys.addKey(id, accountInput.sshKey);
                    this.sshKeyCache.evict(this.username);
                } catch (InvalidSshKeyException e4) {
                    throw new BadRequestException(e4.getMessage());
                }
            }
            AccountLoader create2 = this.infoLoader.create(true);
            AccountInfo accountInfo = create2.get(id);
            create2.fill();
            return Response.created(accountInfo);
        } catch (OrmDuplicateKeyException e5) {
            throw new ResourceConflictException("username '" + this.username + "' already exists");
        }
    }

    private Set<AccountGroup.UUID> parseGroups(List<String> list) throws UnprocessableEntityException {
        HashSet hashSet = new HashSet();
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                hashSet.add(this.groupsCollection.parseInternal(it.next()).getGroupUUID());
            }
        }
        return hashSet;
    }
}
